|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] x86: properly check XEN_DOMCTL_ioport_mapping arguments for invalid range
On 18/09/2012 16:24, "Jan Beulich" <JBeulich@xxxxxxxx> wrote:
> In particular, the case of "np" being a very large value wasn't handled
> correctly. The range start checks also were off by one (except that in
> practice, when "np" is properly range checked, this would still have
> been caught by the range end checks).
>
> Also, is a GFN wrap in XEN_DOMCTL_memory_mapping really okay?
Probably worth fixing?
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Acked-by: Keir Fraser <keir@xxxxxxx>
> --- a/xen/arch/x86/domctl.c
> +++ b/xen/arch/x86/domctl.c
> @@ -884,7 +884,7 @@ long arch_do_domctl(
> int found = 0;
>
> ret = -EINVAL;
> - if ( (np == 0) || (fgp > MAX_IOPORTS) || (fmp > MAX_IOPORTS) ||
> + if ( ((fgp | fmp | (np - 1)) >= MAX_IOPORTS) ||
> ((fgp + np) > MAX_IOPORTS) || ((fmp + np) > MAX_IOPORTS) )
> {
> printk(XENLOG_G_ERR
>
>
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxx
> http://lists.xen.org/xen-devel
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |